Utilizing the SHAP framework to bypass intrusion detection systems

Abstract

The number of people connected to the internet is swiftly growing, and technology is increasingly integrated into our daily lives. With this increase, there is a surge of attacks towards the digital infrastructure. It is of great importance to understand how we can analyze and mitigate attacks to ensure the availability of the services we depend on. The purpose of this study is two-sided. The first is to evaluate different machine learning models in intrusion detection systems. We measured their performance on distributed denial of service(DDoS) attacks and explained them using SHAP values. Secondly, by using the SHAP values, we found the most important features and generated multiple variations of the same attacks to see how the different models reacted. Ultimately, we found that SHAP values have great potential as a base for generating more sophisticated attacks. In turn, the modified attacks were able to bypass intrusion detection systems.